Managing Roles and Policies Centrally
- Dennis Bridges
UXPROD-4707 - Getting issue details... STATUS UXPROD-4708 - Getting issue details... STATUS
Problem(s):
In a standard FOLIO system Roles are defined at the tenant level. Allowing administrators to apply existing roles to any user within the tenant. With multiple tenants administrators still want the ability to manage system wide roles that can be applied to users in any tenant.
Use Cases & Requirements:
| Legend |
| Scope may require separate feature |
Requirement | Status | Use cases |
|---|---|---|
| Allow users to assign users to roles in the role view | VERIFIED | User that configures roles is the person who assigns permissions to user |
| Create granular permissions for view, edit, create and deletion of roles | VERIFIED | Multiple Admins create roles and assign permissions to staff. Staff may or may not be assigning and unassigning users. Student perms change so often they try to distribute the responsibility |
VERIFIED | 1 Admin configures roles and generally assign staff to roles. Staff that manage the student works will actually assign permissions to their student workers | |
| Users are only able to manage Roles for the tenants they are affiliated with | Cohort of administrators configure roles and policies for users that operate in all areas of the system. | |
| Display roles and capabilities on user records by affiliation | VERIFIED | User needs to see the granular perms of a specific user on the user record for troubleshooting. |
| Require specific user permissions to be able to view the Roles accordion on a user record | VERIFIED | Generally a security vulnerability to display user permissions to anyone who can see staff users (User could target other users based on their permissions linger at their workstation etc.) |
| Allow admin user to compare the Roles and capabilities of one user to any other user in the system which they have permission to manage | VERIFIED | When identifying why user 1 can not do what user 2 can do we compare the users specific permissions or roles. |
| Allow admin to compare the capabilities of one role to another role | VERIFIED | When new permissions are added functional roles are updated. Admins then compare roles to verify all necessary functions are included in each role |
Proposed workflow:
Questions:
Question | Status | Conclusion | Comments |
|---|---|---|---|
OPEN | |||
OPEN |
Functionality Potentially Impacted by Changes:
Functional area | Records | Potential impact | Suggested Regression Testing |
|---|---|---|---|